package com.rsa.certj.provider.revocation.ocsp;

import com.rsa.asn1.ASN_Exception;
import com.rsa.certj.CertJ;
import com.rsa.certj.CertJUtils;
import com.rsa.certj.InvalidParameterException;
import com.rsa.certj.NoServiceException;
import com.rsa.certj.NotSupportedException;
import com.rsa.certj.Provider;
import com.rsa.certj.ProviderImplementation;
import com.rsa.certj.ProviderManagementException;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.NameException;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.cert.X509V3Extensions;
import com.rsa.certj.cert.extensions.X509V3Extension;
import com.rsa.certj.provider.TransportImplementation;
import com.rsa.certj.provider.pki.PKICommonImplementation;
import com.rsa.certj.spi.path.CertPathCtx;
import com.rsa.certj.spi.pki.PKIException;
import com.rsa.certj.spi.pki.PKIResult;
import com.rsa.certj.spi.pki.PKIStatusInfo;
import com.rsa.certj.spi.revocation.CertRevocationInfo;
import com.rsa.certj.spi.revocation.CertStatusException;
import com.rsa.certj.spi.revocation.CertStatusInterface;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.net.URL;
import java.util.Hashtable;

/* loaded from: input_file:com/rsa/certj/provider/revocation/ocsp/OCSP.class */
public final class OCSP extends Provider {
    private OCSPResponder[] a;
    private OCSPResponderInternal[] b;
    protected static final int SUPPORTED_VERSION = 0;
    protected static final int NONCE_LEN = 16;
    private static String c = "application/ocsp-request";
    private static String d = "application/ocsp-response";
    private boolean e;
    private Hashtable f;

    /* loaded from: input_file:com/rsa/certj/provider/revocation/ocsp/OCSP$Implementation.class */
    private final class Implementation extends PKICommonImplementation implements CertStatusInterface {
        CertJ a;
        private final OCSP b;

        private Implementation(OCSP ocsp, CertJ certJ, String str) throws InvalidParameterException, PKIException {
            super(certJ, str);
            this.b = ocsp;
            if (OCSP.a(ocsp) != null) {
                loadConfig(OCSP.a(ocsp));
            }
            this.a = certJ;
        }

        @Override // com.rsa.certj.spi.revocation.CertStatusInterface
        public CertRevocationInfo checkCertRevocation(CertPathCtx certPathCtx, Certificate certificate) throws NotSupportedException, CertStatusException {
            if (certPathCtx == null) {
                throw new NotSupportedException("pathCtx==null");
            }
            return a(certPathCtx, new Certificate[]{certificate})[0];
        }

        private void a(String str, byte[] bArr) {
            try {
                FileOutputStream fileOutputStream = new FileOutputStream(str);
                fileOutputStream.write(bArr);
                fileOutputStream.close();
            } catch (Exception e) {
            }
        }

        private CertRevocationInfo[] a(CertPathCtx certPathCtx, Certificate[] certificateArr) throws NotSupportedException, CertStatusException {
            if (certificateArr == null) {
                return null;
            }
            int length = certificateArr.length;
            CertRevocationInfo[] certRevocationInfoArr = new CertRevocationInfo[length];
            OCSPMatchedResponder[] oCSPMatchedResponderArr = new OCSPMatchedResponder[length];
            for (int i = 0; i < length; i++) {
                if (certificateArr[i] == null) {
                    oCSPMatchedResponderArr[i] = null;
                    certRevocationInfoArr[i] = null;
                } else {
                    oCSPMatchedResponderArr[i] = a(certPathCtx.getPathOptions(), (X509Certificate) certificateArr[i]);
                }
            }
            for (int i2 = 0; i2 < length; i2++) {
                try {
                    String str = null;
                    if (certificateArr[i2] != null) {
                        X509V3Extensions extensions = ((X509Certificate) certificateArr[i2]).getExtensions();
                        if (extensions == null || extensions.getExtensionByType(X509V3Extension.OCSP_NOCHECK) == null) {
                            certRevocationInfoArr[i2] = new CertRevocationInfo(2, 0, null);
                            if (oCSPMatchedResponderArr[i2] != null) {
                                OCSPRequest oCSPRequest = new OCSPRequest(this.a, oCSPMatchedResponderArr[i2].responder, certificateArr);
                                byte[] encode = oCSPRequest.encode(certPathCtx);
                                if (OCSP.b(this.b)) {
                                    byte[] uniqueID = certificateArr[i2].getUniqueID();
                                    str = uniqueID == null ? "" : new String(uniqueID);
                                    a(new StringBuffer().append("ocspreq.").append(str).append(".der").toString(), encode);
                                }
                                try {
                                    PKIResult a = a(oCSPMatchedResponderArr[i2].destList, oCSPMatchedResponderArr[i2].proxyList, encode);
                                    byte[] encodedResponse = a.getEncodedResponse();
                                    PKIStatusInfo statusInfo = a.getStatusInfo();
                                    if (statusInfo.getStatus() != 0) {
                                        throw new CertStatusException(new StringBuffer().append("OCSP Transport status != 0 (").append(statusInfo.getStatus()).append(")").toString());
                                    }
                                    if (statusInfo.getFailInfoAux() != 200) {
                                        throw new CertStatusException(new StringBuffer().append("OCSP Transport HTTP status != 200\n").append(statusInfo.getStatusStrings()).toString());
                                    }
                                    if (OCSP.b(this.b)) {
                                        a(new StringBuffer().append("ocspresp.").append(str).append(".der").toString(), encodedResponse);
                                    }
                                    OCSPResponse oCSPResponse = new OCSPResponse(this.a, OCSP.c(this.b)[i2], (X509Certificate) certificateArr[i2]);
                                    oCSPResponse.decode(certPathCtx, encodedResponse, oCSPRequest);
                                    CertRevocationInfo revocationInfo = oCSPResponse.getRevocationInfo(oCSPRequest.getCertID(i2));
                                    byte[] nonce = oCSPRequest.getNonce();
                                    if (nonce != null) {
                                        byte[] nonce2 = oCSPResponse.getNonce();
                                        if (nonce2 == null) {
                                            OCSPEvidence oCSPEvidence = revocationInfo.getType() == 2 ? (OCSPEvidence) revocationInfo.getEvidence() : null;
                                            if (oCSPEvidence != null) {
                                                oCSPEvidence.setFlags(oCSPEvidence.getFlags() | 1);
                                            }
                                        } else if (!CertJUtils.byteArraysEqual(nonce, nonce2)) {
                                            throw new NotSupportedException("OCSP nonce mismatch");
                                        }
                                    }
                                    if (revocationInfo != null) {
                                        certRevocationInfoArr[i2] = revocationInfo;
                                    }
                                } catch (PKIException e) {
                                    throw new CertStatusException(e.getMessage());
                                }
                            }
                        } else {
                            certRevocationInfoArr[i2] = new CertRevocationInfo(0, 0, null);
                        }
                    }
                } catch (ASN_Exception e2) {
                    throw new CertStatusException(e2.getMessage());
                } catch (InvalidParameterException e3) {
                    throw new NotSupportedException(e3.getMessage());
                } catch (NoServiceException e4) {
                    throw new NotSupportedException(e4.getMessage());
                } catch (CertificateException e5) {
                    throw new NotSupportedException(e5.getMessage());
                }
            }
            return certRevocationInfoArr;
        }

        private PKIResult a(String[] strArr, String[] strArr2, byte[] bArr) throws NotSupportedException, PKIException {
            boolean z = false;
            for (String str : strArr) {
                try {
                    URL url = new URL(str);
                    if (url.getProtocol().equals("http")) {
                        z = true;
                        PKIResult sendAndReceiveHttp = sendAndReceiveHttp(url, new String[]{"User-Agent: Cert-J/2.0", new StringBuffer().append(TransportImplementation.MIME_CONTENT_TYPE_PREFIX).append(OCSP.a()).toString()}, strArr2, bArr, new String[]{new StringBuffer().append(TransportImplementation.MIME_CONTENT_TYPE_PREFIX).append(OCSP.b()).toString()});
                        PKIStatusInfo statusInfo = sendAndReceiveHttp.getStatusInfo();
                        if (statusInfo.getStatus() != 2 || (statusInfo.getFailInfo() & PKIStatusInfo.PKI_FAIL_SERVER_ERROR) == 0) {
                            return sendAndReceiveHttp;
                        }
                    } else {
                        continue;
                    }
                } catch (Exception e) {
                }
            }
            throw new PKIException(z ? "Unable to connect to an OCSP responder." : "Unable to choose an OCSP responder.");
        }

        private OCSPMatchedResponder a(int i, X509Certificate x509Certificate) {
            String[] destList;
            OCSPResponderInternal oCSPResponderInternal = null;
            OCSPResponderInternal oCSPResponderInternal2 = null;
            x509Certificate.getIssuerName();
            String aIALocation = (i & 2048) == 0 ? OCSPutil.getAIALocation(x509Certificate) : null;
            if (aIALocation == null) {
                for (int i2 = 0; i2 < OCSP.c(this.b).length; i2++) {
                    OCSPResponderInternal oCSPResponderInternal3 = OCSP.c(this.b)[i2];
                    if (oCSPResponderInternal3.getResponderCACert(x509Certificate) != null && (destList = oCSPResponderInternal3.getDestList()) != null) {
                        return new OCSPMatchedResponder(this.b, oCSPResponderInternal3, destList, oCSPResponderInternal3.getProxyList());
                    }
                }
                return null;
            }
            String[] strArr = {aIALocation};
            for (int i3 = 0; i3 < OCSP.c(this.b).length; i3++) {
                oCSPResponderInternal = OCSP.c(this.b)[i3];
                if (oCSPResponderInternal.getResponderCACert(x509Certificate, aIALocation) != null) {
                    return new OCSPMatchedResponder(this.b, oCSPResponderInternal, strArr, oCSPResponderInternal.getProxyList());
                }
                if (oCSPResponderInternal.getResponderCACert(x509Certificate) != null && oCSPResponderInternal2 == null) {
                    oCSPResponderInternal2 = oCSPResponderInternal;
                }
            }
            if (oCSPResponderInternal2 == null) {
                return null;
            }
            return new OCSPMatchedResponder(this.b, oCSPResponderInternal2, strArr, oCSPResponderInternal.getProxyList());
        }

        @Override // com.rsa.certj.ProviderImplementation
        public String toString() {
            return new StringBuffer().append("OCSP Certificate Status provider named: ").append(getName()).toString();
        }

        Implementation(OCSP ocsp, CertJ certJ, String str, Cab cab) throws InvalidParameterException, PKIException {
            this(ocsp, certJ, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/rsa/certj/provider/revocation/ocsp/OCSP$OCSPMatchedResponder.class */
    public class OCSPMatchedResponder {
        public OCSPResponderInternal responder;
        public String[] destList;
        public String[] proxyList;
        private final OCSP a;

        protected OCSPMatchedResponder(OCSP ocsp, OCSPResponderInternal oCSPResponderInternal, String[] strArr, String[] strArr2) {
            this.a = ocsp;
            this.responder = oCSPResponderInternal;
            this.destList = strArr;
            this.proxyList = strArr2;
        }
    }

    public final void setDebugWriteDERs(boolean z) {
        this.e = z;
    }

    public OCSP(String str, OCSPResponder oCSPResponder) throws InvalidParameterException, CertificateException, NameException {
        super(2, str);
        this.e = false;
        this.f = null;
        if (oCSPResponder == null) {
            throw new InvalidParameterException("responder == null");
        }
        this.a = new OCSPResponder[1];
        this.a[0] = new OCSPResponder(oCSPResponder);
    }

    public OCSP(String str, OCSPResponder[] oCSPResponderArr) throws InvalidParameterException, CertificateException, NameException {
        super(2, str);
        this.e = false;
        this.f = null;
        if (oCSPResponderArr == null) {
            throw new InvalidParameterException("responder == null");
        }
        int length = oCSPResponderArr.length;
        this.a = new OCSPResponder[length];
        for (int i = 0; i < length; i++) {
            if (oCSPResponderArr[i] == null) {
                throw new InvalidParameterException(new StringBuffer().append("responders[").append(i).append("] == null").toString());
            }
            this.a[i] = new OCSPResponder(oCSPResponderArr[i]);
        }
    }

    public OCSP(String str, OCSPResponder oCSPResponder, InputStream inputStream) throws InvalidParameterException, CertificateException, NameException {
        this(str, oCSPResponder);
        if (inputStream == null) {
            throw new InvalidParameterException("OCSP: configStream should not be null.");
        }
        this.f = PKICommonImplementation.loadProperties(inputStream);
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:11:0x006c
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    public OCSP(java.lang.String r6, com.rsa.certj.provider.revocation.ocsp.OCSPResponder r7, java.io.File r8) throws com.rsa.certj.InvalidParameterException, com.rsa.certj.cert.CertificateException, com.rsa.certj.cert.NameException {
        /*
            r5 = this;
            r0 = r5
            r1 = r6
            r2 = r7
            r0.<init>(r1, r2)
            r0 = r8
            if (r0 != 0) goto L14
            com.rsa.certj.InvalidParameterException r0 = new com.rsa.certj.InvalidParameterException
            r1 = r0
            java.lang.String r2 = "OCSP: configFile should not be null."
            r1.<init>(r2)
            throw r0
        L14:
            r0 = 0
            r9 = r0
            java.io.FileInputStream r0 = new java.io.FileInputStream     // Catch: java.io.FileNotFoundException -> L30 java.lang.Throwable -> L55
            r1 = r0
            r2 = r8
            r1.<init>(r2)     // Catch: java.io.FileNotFoundException -> L30 java.lang.Throwable -> L55
            r9 = r0
            r0 = r5
            r1 = r9
            java.util.Hashtable r1 = com.rsa.certj.provider.pki.PKICommonImplementation.loadProperties(r1)     // Catch: java.io.FileNotFoundException -> L30 java.lang.Throwable -> L55
            r0.f = r1     // Catch: java.io.FileNotFoundException -> L30 java.lang.Throwable -> L55
            r0 = jsr -> L5d
        L2d:
            goto L70
        L30:
            r10 = move-exception
            com.rsa.certj.InvalidParameterException r0 = new com.rsa.certj.InvalidParameterException     // Catch: java.lang.Throwable -> L55
            r1 = r0
            java.lang.StringBuffer r2 = new java.lang.StringBuffer     // Catch: java.lang.Throwable -> L55
            r3 = r2
            r3.<init>()     // Catch: java.lang.Throwable -> L55
            java.lang.String r3 = "OCSP: "
            java.lang.StringBuffer r2 = r2.append(r3)     // Catch: java.lang.Throwable -> L55
            r3 = r8
            java.lang.String r3 = r3.toString()     // Catch: java.lang.Throwable -> L55
            java.lang.StringBuffer r2 = r2.append(r3)     // Catch: java.lang.Throwable -> L55
            java.lang.String r3 = " does not exist."
            java.lang.StringBuffer r2 = r2.append(r3)     // Catch: java.lang.Throwable -> L55
            java.lang.String r2 = r2.toString()     // Catch: java.lang.Throwable -> L55
            r1.<init>(r2)     // Catch: java.lang.Throwable -> L55
            throw r0     // Catch: java.lang.Throwable -> L55
        L55:
            r11 = move-exception
            r0 = jsr -> L5d
        L5a:
            r1 = r11
            throw r1
        L5d:
            r12 = r0
            r0 = r9
            if (r0 == 0) goto L6e
            r0 = r9
            r0.close()     // Catch: java.io.IOException -> L6c
            goto L6e
        L6c:
            r13 = move-exception
        L6e:
            ret r12
        L70:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.rsa.certj.provider.revocation.ocsp.OCSP.<init>(java.lang.String, com.rsa.certj.provider.revocation.ocsp.OCSPResponder, java.io.File):void");
    }

    public OCSP(String str, OCSPResponder[] oCSPResponderArr, InputStream inputStream) throws InvalidParameterException, CertificateException, NameException {
        this(str, oCSPResponderArr);
        if (inputStream == null) {
            throw new InvalidParameterException("OCSP: configStream should not be null.");
        }
        this.f = PKICommonImplementation.loadProperties(inputStream);
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:11:0x006c
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    public OCSP(java.lang.String r6, com.rsa.certj.provider.revocation.ocsp.OCSPResponder[] r7, java.io.File r8) throws com.rsa.certj.InvalidParameterException, com.rsa.certj.cert.CertificateException, com.rsa.certj.cert.NameException {
        /*
            r5 = this;
            r0 = r5
            r1 = r6
            r2 = r7
            r0.<init>(r1, r2)
            r0 = r8
            if (r0 != 0) goto L14
            com.rsa.certj.InvalidParameterException r0 = new com.rsa.certj.InvalidParameterException
            r1 = r0
            java.lang.String r2 = "OCSP: configFile should not be null."
            r1.<init>(r2)
            throw r0
        L14:
            r0 = 0
            r9 = r0
            java.io.FileInputStream r0 = new java.io.FileInputStream     // Catch: java.io.FileNotFoundException -> L30 java.lang.Throwable -> L55
            r1 = r0
            r2 = r8
            r1.<init>(r2)     // Catch: java.io.FileNotFoundException -> L30 java.lang.Throwable -> L55
            r9 = r0
            r0 = r5
            r1 = r9
            java.util.Hashtable r1 = com.rsa.certj.provider.pki.PKICommonImplementation.loadProperties(r1)     // Catch: java.io.FileNotFoundException -> L30 java.lang.Throwable -> L55
            r0.f = r1     // Catch: java.io.FileNotFoundException -> L30 java.lang.Throwable -> L55
            r0 = jsr -> L5d
        L2d:
            goto L70
        L30:
            r10 = move-exception
            com.rsa.certj.InvalidParameterException r0 = new com.rsa.certj.InvalidParameterException     // Catch: java.lang.Throwable -> L55
            r1 = r0
            java.lang.StringBuffer r2 = new java.lang.StringBuffer     // Catch: java.lang.Throwable -> L55
            r3 = r2
            r3.<init>()     // Catch: java.lang.Throwable -> L55
            java.lang.String r3 = "OCSP: "
            java.lang.StringBuffer r2 = r2.append(r3)     // Catch: java.lang.Throwable -> L55
            r3 = r8
            java.lang.String r3 = r3.toString()     // Catch: java.lang.Throwable -> L55
            java.lang.StringBuffer r2 = r2.append(r3)     // Catch: java.lang.Throwable -> L55
            java.lang.String r3 = " does not exist."
            java.lang.StringBuffer r2 = r2.append(r3)     // Catch: java.lang.Throwable -> L55
            java.lang.String r2 = r2.toString()     // Catch: java.lang.Throwable -> L55
            r1.<init>(r2)     // Catch: java.lang.Throwable -> L55
            throw r0     // Catch: java.lang.Throwable -> L55
        L55:
            r11 = move-exception
            r0 = jsr -> L5d
        L5a:
            r1 = r11
            throw r1
        L5d:
            r12 = r0
            r0 = r9
            if (r0 == 0) goto L6e
            r0 = r9
            r0.close()     // Catch: java.io.IOException -> L6c
            goto L6e
        L6c:
            r13 = move-exception
        L6e:
            ret r12
        L70:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.rsa.certj.provider.revocation.ocsp.OCSP.<init>(java.lang.String, com.rsa.certj.provider.revocation.ocsp.OCSPResponder[], java.io.File):void");
    }

    @Override // com.rsa.certj.Provider
    public ProviderImplementation instantiate(CertJ certJ) throws ProviderManagementException {
        int length = this.a.length;
        try {
            this.b = new OCSPResponderInternal[length];
            for (int i = 0; i < length; i++) {
                this.b[i] = new OCSPResponderInternal(certJ, this.a[i]);
                this.a[i] = null;
            }
            return new Implementation(this, certJ, getName(), null);
        } catch (InvalidParameterException e) {
            throw new ProviderManagementException(new StringBuffer().append("OCSP.instantiate: ").append(e.getMessage()).toString());
        } catch (CertificateException e2) {
            throw new ProviderManagementException(new StringBuffer().append("OCSP.instantiate: ").append(e2.getMessage()).toString());
        } catch (NameException e3) {
            throw new ProviderManagementException(new StringBuffer().append("OCSP.instantiate: ").append(e3.getMessage()).toString());
        } catch (PKIException e4) {
            throw new ProviderManagementException(new StringBuffer().append("OCSP.instantiate: ").append(e4.getMessage()).toString());
        }
    }

    static Hashtable a(OCSP ocsp) {
        return ocsp.f;
    }

    static boolean b(OCSP ocsp) {
        return ocsp.e;
    }

    static OCSPResponderInternal[] c(OCSP ocsp) {
        return ocsp.b;
    }

    static String a() {
        return c;
    }

    static String b() {
        return d;
    }
}
